discuz验证过程介绍
海云2025-06-28Discuz教程已有人查阅
导读:本文借助数据库查询日志梳理 Discuz 的会话与登录验证过程,包括 cdb_members 表 secques 字段的用途(二次操作验证之用)、groupid='6' 时 ipbanned 的值为真(为 1),以及清空所有客户端 cookie 后访问时执行的语句。
呵呵....
--疑惑-----
cdb_members表的secques字段是干嘛用的(二次操作验证之用)
--发现
-----清空了所有客户端cookie后的访问---------------
---这是为了论坛底部访问统计的查询
----删除所有游客
----------以下语句看起来是无用-----------
--sid 来自 cookie cdb_sid=QvC8mm。这里不仅验证 cookie,而且验证 IP,保证访问用户的身份来自同一 IP,
--这样 cookie 被复制冒用的概率就大大降低了。作者认为对于论坛,安全做到 IP 级别应该够用,况且 cdb_sid 还是一个随机字符串。需要注意:IP 绑定无法区分同一 NAT 或代理出口后的不同用户。
-------passport登录过程\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--passport 登录通过后,将密码和几个字段加密后写入 cookie cdb_auth。之后再访问论坛时,它会首先检查
--有无 cdb_sid,再看有无 cdb_auth;若有,则取出 cdb_auth 解密,拿其中的密码、uid 与数据库表做对比,正确则生成 cdb_sid 并
--插入记录到 session 表。按此流程,持有 cdb_auth 即可换取新会话,因此该 cookie 应按登录凭据对待。
--疑惑-----
cdb_members表的secques字段是干嘛用的(二次操作验证之用)
--发现
-- Fragment of the session lookup: the comparison groupid='6' is returned as the column ipbanned.
SELECT groupid='6' AS ipbanned
-- That is, ipbanned is true (1) when groupid is '6'.
-- ===== Visit after all client-side cookies were cleared =====
-- Session housekeeping behind the visit statistics shown at the foot of the forum.
-- Purges stale and duplicate session rows before this guest's own row is inserted.
DELETE FROM cdb_sessions
WHERE sid='9brXS4' -- the author did not know where this sid comes from (possibly random); it is the same value the INSERT that follows writes, so any earlier row with that sid is removed first
OR lastactivity<(1166753279-900) -- sessions idle for more than 900 s (15 minutes); note this branch carries no uid filter, so it is not limited to guests
OR ('0'<>'0' AND uid='0') -- constant-false for this guest request; in the logged-in traces further down the same slot reads ('1054'<>'0' AND uid='1054') and removes that member's earlier sessions
OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166753279-60) -- guest rows from the same IP active within the last 60 s (de-duplicates guest records per IP)
-- Insert this guest's row into the session table (uid '0', empty username).
-- NOTE(review): the sid is a 6-character value; the trace does not show how it is generated, so its unpredictability cannot be judged from here.
INSERT INTO cdb_sessions
(sid, ip1, ip2, ip3, ip4,
uid, username, groupid, styleid, invisible, action,
lastactivity, -- the current time is recorded as the activity time
lastolupdate, seccode, -- the author was unsure what seccode is for; presumably a per-session verification code - confirm against the Discuz source
fid, tid, bloguid)
VALUES ('9brXS4', '127', '0', '0', '1',
'0', '', '7', '1', '0', '1', '1166753279', '0', '9373', '0', '0', '0')
-- Online-user information: reads every row of the session table (no WHERE or LIMIT), highest uid first.
-- The same statement recurs at the end of each request trace on this page.
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
-- ===== Login process =====
-- (The author remarks that the following statements look unnecessary.)
-- Look up the account by user name to obtain its uid and security-question value.
SELECT uid, secques FROM cdb_members WHERE username='admin'
-- NOTE(review): this UPDATE rewrites username, password and email during login; given the passport notes elsewhere on the page it is presumably the passport sync copying account data into the local row - confirm.
UPDATE cdb_members SET username='admin', password='45e153xxxxxxx87cb6bf8', email='dfds@126.com'
WHERE uid='1054'
-- The author considers this lookup duplicated work.
-- It re-reads the member row, matching uid, the stored password value and secques (empty here) in a single WHERE clause.
-- Security: the password value and the e-mail address appear verbatim in the query log (partly masked by the author here),
-- so a log like this one has to be access-restricted and should not stay enabled on a production server.
SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='1054' AND password='45e1534xxxxxxx387cb6bf8' AND secques=''
-- Forum thread listing: the 10 newest threads by creation time (dateline), joined to their forum name.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
-- Forum thread listing: the 10 threads with the most recent last post, skipping rows whose closed value
-- starts with 'moved|' and threads with no replies.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
-- Forum thread listing: the 10 newest threads with digest > 0.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
-- Forum information: every forum with status '1', with its extra fields from cdb_forumfields
-- (LEFT JOIN, so forums without a forumfields row are still returned).
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
-- Online time: adds 10 to the member's total and monthly counters.
-- The lastupdate guard is 600 s older than the new timestamp, so the counters advance at most once per 10 minutes.
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166754541'
WHERE uid='1054' AND lastupdate<='1166753941'
-- Online-user data: same housekeeping DELETE as in the guest trace, now for a logged-in member.
-- Here the third branch ('1054'<>'0' AND uid='1054') is true for this member's rows, so their earlier sessions are removed.
DELETE FROM cdb_sessions WHERE sid='QvC8mm' OR lastactivity<(1166754541-900) OR ('1054'<>'0' AND uid='1054') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166754541-60)
-- Create the member's new session row (uid 1054, username admin, groupid 1) with the client IP split into four columns.
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('QvC8mm', '127', '0', '0', '1', '1054', 'admin', '1', '1', '0', '1', '1166754541', '1166754541', '2124', '0', '0', '0')
-- Update the member's visit data: record the client IP, move the previous lastactivity into lastvisit, and stamp the new activity time.
UPDATE cdb_members SET lastip='127.0.0.1', lastvisit=lastactivity, lastactivity='1166754541' WHERE uid='1054'
-- Online-user information: full read of the session table, highest uid first.
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
-- ===== Ordinary visit by a logged-in member =====
-- sid comes from the cookie cdb_sid=QvC8mm. The lookup matches both the cookie value and the client IP,
-- so a session is only found when the request arrives from the address stored with it; this lowers the chance
-- that a copied cookie can be used to impersonate the member.
-- The author judges IP-level binding sufficient for a forum, noting that cdb_sid is also a random string.
-- NOTE(review): IP binding does not separate clients that share one address (NAT, proxy). The sid is also a
-- cookie-supplied value that ends up inside the SQL text; the trace cannot show whether it was escaped before
-- interpolation - confirm in the application code.
SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
FROM cdb_sessions WHERE sid='QvC8mm' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='127.0.0.1'
-- Member lookup by uid. The author's remark: this explains why Discuz forums have to prune members
-- periodically - the query runs this frequently.
-- Note that the stored password value is part of the selected columns (as discuz_pw) in this lookup.
SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw,
m.secques AS discuz_secques, m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset,
m.tpp, m.ppp, m.posts, m.digestposts, m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,
m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,
m.lastvisit, m.lastactivity, m.lastpost, m.newpm, m.accessmasks,m.xspacestatus, m.editormode, m.customshow
FROM cdb_members m WHERE uid='1054'
-- Forum information: the same four listing queries as in the login trace.
-- 1) 10 newest threads by dateline.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
-- 2) 10 threads with the most recent last post, skipping 'moved|' rows and threads without replies.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
-- 3) 10 newest threads with digest > 0.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
-- 4) All forums with status '1' plus their cdb_forumfields columns.
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
-- Online time, once every 10 minutes: the lastupdate guard is 600 s older than the new timestamp,
-- so the counters are only increased when the previous update is at least that old.
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166755500'
WHERE uid='1054' AND lastupdate<='1166754900'
-- Refresh the member's existing session row and count the page view.
-- The row is selected by sid alone in this statement; the IP match is applied in the earlier session SELECT.
UPDATE cdb_sessions SET uid='1054', username='admin', groupid='1', styleid='1', invisible='0', action='1',
lastactivity='1166755500', lastolupdate='1166755500', seccode='2124', fid='0', tid='0', bloguid='0' ,
pageviews=pageviews+1 WHERE sid='QvC8mm'
-- Online-user information: full read of the session table, highest uid first.
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
-- ===== Verification of an ordinary member's actions =====
-- ===== Passport login process =====
-- After a passport login succeeds, the password and several other fields are encrypted and written to the
-- cookie cdb_auth. On a later visit the forum first checks whether cdb_sid exists, then whether cdb_auth
-- exists; if it does, cdb_auth is decrypted and its password and uid are compared with the database table.
-- When they match, a cdb_sid is generated and a row is inserted into the session table.
-- NOTE(review): in this flow cdb_auth alone is enough to obtain a new session, so it has to be treated as a
-- credential; how it is encrypted and which cookie attributes are set cannot be seen in this trace.
-- SELECT * returns every column of the member row, including the password column that the statements below read and write.
SELECT * FROM `cdb_members` WHERE username = 'testxx'
SELECT uid, secques FROM cdb_members WHERE username='testxx'
-- Rewrites username, password and email for uid 852 during the passport login.
-- NOTE(review): the password value is 32 hexadecimal characters, which is consistent with an MD5 digest - confirm against the Discuz source.
UPDATE cdb_members SET username='testxx', password='52c69e3a57331099999991c4e69d3f2e', email='99@99.com'
WHERE uid='852'
-- The next line is a connection record from the query log, not SQL: the forum connects to the database as root@localhost.
-- A dedicated account limited to the forum's own tables would reduce the impact of a compromised application.
061222 13:45:47 3 Connect root@localhost on
-- Re-read the member row, matching uid, the stored password value and an empty secques in one WHERE clause.
SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='852' AND password='52c69e3a57331099999991c4e69d3f2e' AND secques=''
-- Forum listing queries, identical to the earlier traces: newest threads, most recently replied threads,
-- newest digest threads, then the forum list.
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
-- Online time for uid 852: add 10 when the previous update is at least 600 s old.
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166766347' WHERE uid='852' AND lastupdate<='1166765747'
-- NOTE(review): an INSERT for the same uid follows the UPDATE; presumably it is issued because the UPDATE
-- matched no existing cdb_onlinetime row for this member - confirm.
INSERT INTO cdb_onlinetime (uid, thismonth, total, lastupdate)
VALUES ('852', '10', '10', '1166766347')
-- Session housekeeping for the member: drop the row with this sid, sessions idle for more than 900 s,
-- this member's earlier sessions, and guest rows from the same IP seen within the last 60 s.
DELETE FROM cdb_sessions WHERE sid='5sS9P0' OR lastactivity<(1166766347-900) OR ('852'<>'0' AND uid='852') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166766347-60)
-- Create the member's session row (uid 852, username testxx, groupid 10).
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('5sS9P0', '127', '0', '0', '1', '852', 'testxx', '10', '1', '0', '1', '1166766347', '1166766347', '4097', '0', '0', '0')
-- Online-user information: full read of the session table, highest uid first.
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC
